All Airlines Have the Security Hole That Grounded Polish Planes

Share

All Airlines Have the Security Hole That Grounded Polish Planes

Airplane in the Sky

Getty Images

More than 10 airplanes were grounded on Sunday after hackers apparently got into computer systems responsible for issuing flight plans to pilots of Poland's state-owned LOT airline. The apparent weak link? The flight plan-delivery protocol used by every airline. In fact, though this may be the first confirmed hack of its kind, it's very similar to a mysterious grounding of United Airlines planes that happened last month.

Yesterday, hackers breached the network at Warsaw's Chopin airport, causing some flights to be cancelled and others to be delayed. Approximately 1,400 passengers on flights headed to Dusseldorf, Hamburg, Copenhagen, and cities in Poland were affected by the grounding. The problem was reportedly fixed after about five hours.

"We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry," LOT spokesman Adrian Kubicki told the BBC.

It's possible that potentiality is already a reality. Last month, all United flights in the US were grounded for nearly an hour after the airline apparently experienced problems with flight plans dispatched to its pilots.

United provided few clues about what occurred at the time—saying only through a spokesman that flights were delayed "to ensure aircraft departed with proper dispatching information." But passengers onboard several delayed aircraft tweeted that they'd been told bogus flight plans were the problem.

Passenger Edward Benson, founder and CTO of the tech firm Cloudstitch, tweeted that his pilot had told passengers they were being grounded due to a possible hack of United’s computer network, which resulted in bogus flight plans popping up in the system. After the problem was resolved he later tweeted, "Pilot said flight plan system had been spitting out 'random plans over and over.'"

Another passenger named Christ Habets tweeted, "Andy from @UnitedAirlines is telling us that flight plans from planes in the AIR dropped flight plans." AIR likely refers to the ACARS datalink system, or Aircraft Communications Addressing and Reporting System, that is used to distribute flight plans and other data to pilots before and during a flight.

The Problem Is Systemic

Although Polish authorities haven't provided details about what occurred with the flight plans in that case, the problem with both the LOT planes and United may very well be the protocol for delivering flight plans: It doesn't require authentication, according to Peter Lemme, an independent consultant who chairs the SAE-sponsored Ku/Ka band satcom subcommittee, which is developing a proposed standard for end-end secure networking using broadband radios installed on airplanes. Lemme says the issue would allow a hacker to send bogus flight plans to pilots, irrespective of which branded flight-plan system an airline used.

Here's how the protocol works: Ground computers calculate the appropriate flight plan for planes, and generally someone on ground also approves the plan before distributing it to pilots. Pilots receive plans before taking off, as well as en route if a change occurs during a flight. Plans can be uploaded to planes via a datalink.

Any flight plan sent to a plane has to conform to the protocol standard for that particular plane's software—which would be different for 757s than it would for 767s, Lemme notes. But once a hacker figures out those protocols, it would be possible to issue a bogus flight plan.

"There's more we could do in this area as far as authenticating that the flight plan is coming from a legitimate source," he says. "Right now, [the system] is relatively trusting—if it comes in and it's properly formatted, the system will accept it."

This doesn't mean, however, that a pilot would blindly follow it. It's important to note that while this loophole could cause confusion resulting in planes being grounded before takeoff, Lemme says it wouldn't be a safety concern since there are checks in place to ensure that pilots don't follow incorrect flight paths that take them into the course of another plane. These checks apparently worked as they were intended in Poland when flights were grounded.

"[The flight plan] doesn't just go into the system and take over the airplane," Lemme says. "The pilot has to accept it or has to manually transcribe it into the flight avionics system." If the flight plan is odd, that will stand out. "The pilot will see a presentation of the flight routing, like with a car GPS, and he'll say, 'What the hell, it has me going out to Alabama when I'm going to California. That's not right'."

The flight crew will then contact the airline, and "that's where everything will grind to a halt," Lemme says. "There's not a single situation where you can issue a command to the airplane and have it go into an active memory without the pilot first accepting it and taking action to load it into the system. And ultimately you've got two pilots at every single flight who are going to look at that and they're going to have a conversation over it" if a flight plan doesn't make sense.

Security expert Peter Lemme says the problem of bogus flight plans is not a safety issue.

Lemme says the problem of bogus flight plans is not a safety issue. "It's more confusing than anything else. It would leave the airplanes flying inefficiently and not going in the correct route," he says.

Even if the changes in a flight plan were so subtle that they wouldn't cause a pilot to be alarmed, Lemme says passengers shouldn't worry about pilots flying their planes into one another.

If a pilot were to receive a flight plan via data link en route that indicated he or she should change route, the pilot would negotiate this with air traffic through voice communication first. "And air traffic would have something to say if [a change] would put them in the path of another airplane…. Air traffic is constantly looking at the path of every airplane and determining whether it might intersect with another airplane and will raise an alarm," he says. Planes are also equipped with sensors that will alert pilots if they're in the vicinity of other aircraft.

But Lemme says the system currently operates under the assumption that the data sent to pilots is legitimate, and it really should be designed in such a way that it rejects bogus flight plans before they reach the pilot. "We're working on that right now."